exploitDog

CVE-2013-3707

Опубликовано: 01 дек. 2013

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

The HTTPSTK service in the novell-nrm package before 2.0.2-297.305.302.3 in Novell Open Enterprise Server 2 (OES 2) Linux, and OES 11 Linux Gold and SP1, does not make the intended SSL_free and SSL_shutdown calls for the close of a TCP connection, which allows remote attackers to cause a denial of service (service crash) by establishing many TCP connections to port 8009.

Ссылки

http://www.novell.com/support/kb/doc.php?id=7014063
Vendor Advisory
http://www.novell.com/support/kb/doc.php?id=7014063
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:novell:open_enterprise_server:11.0:*:*:*:*:*:*:*

cpe:2.3:o:novell:open_enterprise_server:11.0:sp1:*:*:*:*:*:*

EPSS

Процентиль: 86%

0.02972

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-c79m-cfh4-phqp

github

больше 3 лет назад

The HTTPSTK service in the novell-nrm package before 2.0.2-297.305.302.3 in Novell Open Enterprise Server 2 (OES 2) Linux, and OES 11 Linux Gold and SP1, does not make the intended SSL_free and SSL_shutdown calls for the close of a TCP connection, which allows remote attackers to cause a denial of service (service crash) by establishing many TCP connections to port 8009.

EPSS

Процентиль: 86%

0.02972

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-20